On Fri, 2020-03-20 at 12:30 -0400, Dave Hughes wrote:
> Thank you for the information! This issue originated from a Department of Defense STIG
> (Security Technical Implementation Guides). It's a security check that applications
> and databases have to go through. I'll just leave this one as a "finding" since there
> isn't a way to really configure it to their requirements.
Our traditional answer is that for high security standards, you shouldn't use
passwords in the database, but some external authentication method like
Kerberos. Then you can enforce the password restrictions there.
Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com